Updates

core-os-podman/_disabled/mbin.tf

@@ -0,0 +1,176 @@
+# Based on https://github.com/MbinOrg/mbin/blob/main/compose.yaml
+
+variable "mbin_env" {
+  type = list(string)
+
+  default = [
+    # From https://github.com/MbinOrg/mbin/blob/main/.env.example_docker
+    # Docker specific variables
+    "MBIN_USER=1000:1000",
+    # Possible values: debug, info, notice, warning, error, critical, alert, emergency
+    "PHP_LOG_LEVEL=error",
+    # Mbin variables
+    "SERVER_NAME=\"mbin.rescla.me, php:80\"",
+    "KBIN_DOMAIN=mbin.rescla.me",
+    "KBIN_TITLE=Mbin",
+    "KBIN_DEFAULT_LANG=en",
+    "KBIN_FEDERATION_ENABLED=true",
+    "KBIN_CONTACT_EMAIL=contact@mbin.rescla.me",
+    "KBIN_SENDER_EMAIL=noreply@mbin..rescla.me",
+    "KBIN_JS_ENABLED=true",
+    "KBIN_REGISTRATIONS_ENABLED=true",
+    "KBIN_API_ITEMS_PER_PAGE=25",
+    "KBIN_STORAGE_URL=https://mbin.rescla.me/media",
+    "KBIN_META_TITLE=\"Mbin\"",
+    "KBIN_META_DESCRIPTION=\"content aggregator, content voting, discussion and micro-blogging platform on the fediverse\"",
+    "KBIN_META_KEYWORDS=\"mbin, content aggregator, open source, fediverse\"",
+    "KBIN_HEADER_LOGO=false",
+    "KBIN_FEDERATION_PAGE_ENABLED=true",
+    "MBIN_DEFAULT_THEME=default",
+    # Set the max image file size (in bytes)
+    # This should be set to <= `upload_max_filesize` and `post_max_size` in the server's php.ini file
+    "MBIN_MAX_IMAGE_BYTES=6000000",
+    # Change the down vote behaviour. Possible values are:
+    # 'enabled' => default mode downvotes are enabled
+    # 'hidden' => downvotes are counted and users can downvote, but the number is hidden
+    # 'disabled' => downvotes are ignored and the downvote button is hidden. They also do not count in the sorting
+    "MBIN_DOWNVOTES_MODE=enabled",
+    # Only let admins generated oauth clients
+    "KBIN_ADMIN_ONLY_OAUTH_CLIENTS=false",
+    # Manually approve every new user
+    "MBIN_NEW_USERS_NEED_APPROVAL=false",
+    # Use an allowlist instead of a ban list
+    "MBIN_USE_FEDERATION_ALLOW_LIST=false",
+    # Show only local users in the active users section
+    "MBIN_SIDEBAR_SECTIONS_RANDOM_LOCAL_ONLY=false",
+    # Show only local users in the active users section
+    "MBIN_SIDEBAR_SECTIONS_USERS_LOCAL_ONLY=false",
+    # Captcha (also enable in admin panel/settings)
+    "KBIN_CAPTCHA_ENABLED=false",
+
+    ###> meteo-concept/hcaptcha-bundle ###
+    "HCAPTCHA_SITE_KEY=",
+    "HCAPTCHA_SECRET=",
+    ###< meteo-concept/hcaptcha-bundle ###
+
+    # If you are running Mbin behind a reverse proxy, uncomment the line below and adjust the proxy address/range below
+    # to your server's IP address if it does not already fall within the private IP spaces specified.
+    #TRUSTED_PROXIES=::1,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    "TRUSTED_PROXIES=192.168.3.29",
+
+    # Valkey
+    "VALKEY_PASSWORD=!ChangeThisValkeyPass!",
+    "REDIS_DNS=redis://!ChangeThisValkeyPass!@valkey:6379",
+
+    # S3 storage (optional)
+    "S3_KEY=",
+    "S3_SECRET=",
+    "S3_BUCKET=",
+    "S3_REGION=",
+    "S3_ENDPOINT=",
+    "S3_VERSION=",
+
+    # Only let admins generate oauth clients
+    "KBIN_ADMIN_ONLY_OAUTH_CLIENTS=false",
+
+    # Manually approve every new user
+    "MBIN_NEW_USERS_NEED_APPROVAL=true",
+
+    # use an allowlist instead of a ban list
+    "MBIN_USE_FEDERATION_ALLOW_LIST=false",
+
+
+    # image exif cleaning options
+    # available value: none, sanitize, scrub
+    # can be set differently for user uploaded and external media
+    "EXIF_CLEAN_MODE_UPLOADED=sanitize",
+    "EXIF_CLEAN_MODE_EXTERNAL=none",
+    # path to exiftool binary, leave blank for auto PATH search
+    "EXIF_EXIFTOOL_PATH=",
+    # max execution time for exiftool in seconds, defaults to 10 seconds
+    "EXIF_EXIFTOOL_TIMEOUT=10",
+
+    ###> symfony/framework-bundle ###
+    "APP_SECRET=!ChangeSecret!",
+    ###< symfony/framework-bundle ###
+
+    ###> doctrine/doctrine-bundle ###
+    # Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
+    "POSTGRES_DB=mbin",
+    "POSTGRES_USER=mbin",
+    "POSTGRES_PASSWORD=Ob9FJL@EtRh*$Z",
+    # IMPORTANT: You MUST configure your PostgreSQL server version!
+    "POSTGRES_VERSION=16",
+    "DATABASE_URL=\"postgresql://mbin:Ob9FJL@EtRh*$Z@postgres:5432/mbin?serverVersion=16&charset=utf8\"",
+    ###< doctrine/doctrine-bundle ###
+
+    ###> symfony/messenger ###
+    "RABBITMQ_DEFAULT_USER=mbin",
+    "RABBITMQ_DEFAULT_PASS=!ChangeThisRabbitPass!",
+    "MESSENGER_TRANSPORT_DSN=amqp://mbin:!ChangeThisRabbitPass!@amqproxy:5673/%2f/messages",
+    ###< symfony/messenger ###
+
+    ###> symfony/mailer ###
+    # See https://symfony.com/doc/current/mailer.html#using-built-in-transports
+    # MAILER_DSN=sendmail://default # Use sendmail when you are using Postfix
+    "MAILER_DSN=smtp://rescla-mbin:cPb77TjZ8QiXl5G7@mail-eu.smtp2go.com:587?encryption=tls&auth_mode=log",
+    # Explicitly url encode any character in username and password
+    # %40 = @
+    # Gmail:
+    # MAILER_DSN=gmail+smtp://user%40domain.com:pass@smtp.gmail.com
+    # Our own SMTP server:
+    # MAILER_DSN=smtp://username:password@smtpserver.tld:587?encryption=tls&auth_mode=log
+    # MAILER_DSN=smtp://username:password@smtpserver.tld:465?encryption=ssl&auth_mode=log
+    ###< symfony/mailer ###
+
+    ###> symfony/mailgun-mailer ###
+    # MAILER_DSN=mailgun://KEY:DOMAIN@default?region=us
+    # MAILER_DSN=mailgun+smtp://postmaster@sandboxxx.mailgun.org:key@default?region=us
+    ###< symfony/mailgun-mailer ###
+
+    ###> symfony/mercure-bundle ###
+    # See https://symfony.com/doc/current/mercure.html#configuration
+    # The URL of the Mercure hub, used by the app to publish updates (can be a local URL)
+    # Assuming you are running Mercure Caddy on port 3000
+    "MERCURE_URL=http://php/.well-known/mercure",
+    # The public URL of the Mercure hub, used by the browser to connect
+    "MERCURE_PUBLIC_URL=https://kbin.rescla.me/.well-known/mercure",
+    # The secret used to sign the JWTs
+    "MERCURE_JWT_SECRET=!ChangeThisMercureHubJWTSecretKey!",
+    ###< symfony/mercure-bundle ###
+
+    ###> nelmio/cors-bundle ###
+    "CORS_ALLOW_ORIGIN=\"^https?://(kbin.rescla.me|127\.0\.0\.1)(:[0-9]+)?$\"",
+    ###< nelmio/cors-bundle ###
+
+    ###> symfony/lock ###
+    # Choose one of the stores below
+    # postgresql+advisory://db_user:db_password@localhost/db_name
+    "LOCK_DSN=flock",
+    ###< symfony/lock ###
+
+    ###> league/oauth2-server-bundle ###
+    "OAUTH_PRIVATE_KEY=%kernel.project_dir%/config/oauth2/private.pem",
+    "OAUTH_PUBLIC_KEY=%kernel.project_dir%/config/oauth2/public.pem",
+    "OAUTH_PASSPHRASE=!ChangeThisOauthPass!",
+    "OAUTH_ENCRYPTION_KEY=",
+    ###< league/oauth2-server-bundle ###
+  ]
+}
+
+data "docker_registry_image" "mbin" {
+  name = "ghcr.io/mbinorg/mbin:latest"
+}
+
+resource "docker_image" "mbin" {
+  name = data.docker_registry_image.mbin.name
+  pull_triggers = [data.docker_registry_image.mbin.sha256_digest]
+}
+
+resource "docker_container" "mbin-php" {
+  image = docker_image.configarr.image_id
+  name  = "mbin-php"
+
+  env = var.mbin_env
+
+}